[prev in list] [next in list] [prev in thread] [next in thread]
List: konq-bugs
Subject: [Bug 149436] New: konqueror should default to permanently accepting
From: Stefanos Harhalakis <v13 () priest ! com>
Date: 2007-08-31 16:47:44
Message-ID: 20070831184740.149436.v13 () priest ! com
[Download RAW message or body]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=149436
Summary: konqueror should default to permanently accepting
invalid certificates
Product: konqueror
Version: unspecified
Platform: unspecified
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
AssignedTo: konq-bugs kde org
ReportedBy: v13 priest com
Version: 3.5.7 (using KDE 3.5.7, Debian Package 4:3.5.7.dfsg.1-1 (lenny/sid))
Compiler: Target: i486-linux-gnu
OS: Linux (i686) release 2.6.22-v2-v
I'm filling this as a 'bug' since it is security related.
Please read:
http://groups.google.com/group/mozilla.dev.security/browse_frm/thread/b3caff5eeab499d3/2252211f72247176
It is a request I sent yesterday to firefox developers. I'm also pasting it here:
------
Hello there,
As you already know (:-)) when firefox visits an SSL enabled site and gets a certificate that \
cannot be verified, asks the user about the action it should take. The current actions are: \
Accept Permanentely (#1), Accept for Session (#2), Don't Accept (#3), having #2 as the \
preselected option.
I believe that this (option #2) is the most insecure of all. Let me explain my thoughts:
* If the user reject the certificate then there can be no harm
* If the user accepts the certificate permanently:
* The certificate may be valid and thus he will be protected for all future sessions, because \
a fake certificate will not match the already accepted one.
* The certificate may be fake (man in the middle). If it is fake, they user most probably \
will find it out when he will try to visit the site at another moment in the future, when there \
will be no mitm attack taking place. Firefox will warn then about the wrong certificate and the \
user will be alerted.
* If the user accepts the certificate permanently is like drawing a lot. A user that visits an \
https-powered webmail site 4-10 times a day just increases the possibility of a mitm attack to \
succeed.
Of course you'd ask 'who visits a site so often and does not accept the certificate \
permanently'. Well, my experience shows that there are many such people (I work as a sysadmin \
in a University).
So I suggest (and kindly ask) you to:
a) Change the default option to #1 or #3
b) Discourage people from selecting #2 (even display a warning box)
c) Perhaps implement an aging (cache expiring) method to delete very old certificate and \
possibly add an option 'remember for 1 year', where each new visit will reset the countdown \
timer.
All of these could be accompanied with a more alerting dialog box to be shown when there is a \
certificate mismatch.
Best regards,
Harhalakis Stefanos
------
_______________________________________________
Konq-bugs mailing list
Konq-bugs@mail.kde.org
https://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic